Disabling sslv2 on linux for port 636.
Rohit khaladkar
rohit.khaladkar at gmail.com
Tue Jun 2 14:43:56 UTC 2009
Thanks Nigel.
I am editing /opt/ABC/CCR/Apache2/conf/ssl.conf file.
On Tue, Jun 2, 2009 at 8:04 PM, Nigel Wade <nmw at ion.le.ac.uk> wrote:
> Rohit khaladkar wrote:
>
>> Hi All,I want to disable ssl2 on a linux server for Port 636. Here is the
>> procedure that I followed :
>>
>> 1)Edit ssl.conf and added following entries in it .
>>
>> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
>> SSLProtocol -All +SSLv3 +TLSv1
>>
>> 2)Restarted Apache service.
>>
>> 3)Restarted network.
>>
>> I checked if ssl2 is disabled using the following command :
>>
>> openssl s_client -connect hostname:636 -ssl2
>>
>> where hostname= server name
>>
>> But it still shows me the certificate. I even tried rebooting the machine
>> ,
>> but no luck.
>>
>> Am I missing anything here?.
>>
>>
> Port 636 is normally the ldaps port, ie. SSL encrypted LDAP. Are you really
> listening on that port with Apache? Which ssl.conf did you edit, a full path
> would be rather more specific than just a filename?
>
> Maybe you want to replace 636 with 443 (https) as the openssl request port.
>
> --
> Nigel Wade, System Administrator, Space Plasma Physics Group,
> University of Leicester, Leicester, LE1 7RH, UK
> E-mail : nmw at ion.le.ac.uk
> Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
Thanks!
Rohit Khaladkar
More information about the redhat-list
mailing list